Two Very Good Reasons to Upgrade to iOS 9.3 As Soon As Possible

Upgrading iOSes can be a minor pain, and it’s easy to ignore the dialogue boxes encouraging you to do so, especially when the biggest feature Apple is touting for its latest upgrade is Night Shift, which, uh, changes the color of your screen depending on the time of day. But Apple is also patching two major security flaws for this version, which is more than reason enough to find your USB cord and tear yourself away from the phone for the time it’ll take toupgrade.

The first is a problem with iMessage encryption. While the text you send over iMessage is as secure as it’s always been, a recently discovered security bug would allow hackers to potentially decrypt photos and videos sent over the service. (And, let’s be honest: For most of us, we’re a lot more concerned about the photos and videos we send than the text. It’s hard to take a nude ASCIIselfie.)

To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt thephoto.

Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands oftimes.

As bad as that sounds — in particular given the recent debate about encryption and law enforcement — the second bug is much scarier. It’s a vulnerability that allows an intruder to execute code remotely via a Wi-Fi driver, allowing an attacker to “use specially crafted wireless control message packets to corrupt kernel memory in a way that leads to remote code execution in the context of thekernel.”

In case, for some reason, that quote doesn’t make perfect sense to you, it means that if you’re connected to Wi-Fi — even private Wi-Fi, even with a VPN — you’re vulnerable to an attack that would allow a hacker connected to the same Wi-Fi network to execute code at the device’s most foundational level. Scarily, this bug has been known since at least February 1, when it was patched forAndroid.

Not good! Update your phone: It’s easy. From the phone, go to Settings; then General; then Software Update; and tap Download and Install. Do it now; don’t wait for tonight. Within an hour you’ll be able to get back to sending nude photos over Wi-Fi without needing toworry.